CHttpRequest encapsulates the $_SERVER variable and resolves its inconsistency among different Web servers.

CHttpRequest also manages the cookies sent from and sent to the user.
By setting enableCookieValidation to true,
cookies sent from the user will be validated to see if they have been tampered with.
The property cookies returns the collection of cookies.
For more details, see CCookieCollection.

Returns the cookie collection.
The result can be used like an associative array. Adding CHttpCookie objects
to the collection will send the cookies to the client; and removing the objects
from the collection will delete those cookies on the client.

csrfCookie
property

public array $csrfCookie;

the property values (in name-value pairs) used to initialize the CSRF cookie.
Any property of CHttpCookie may be initialized.
This property is effective only when enableCsrfValidation is true.

the name of the token used to prevent CSRF. Defaults to 'YII_CSRF_TOKEN'.
This property is effective only when enableCsrfValidation is true.

enableCookieValidation
property

public boolean $enableCookieValidation;

whether cookies should be validated to ensure they have not been tampered with. Defaults to false.

enableCsrfValidation
property

public boolean $enableCsrfValidation;

whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false.
By setting this property to true, forms submitted to a Yii Web application must originate
from the same application. If not, a 400 HTTP exception will be raised.
Note that this feature requires that the user client accepts cookies.
You also need to use CHtml::form or CHtml::statefulForm to generate
the needed HTML forms in your pages.

Returns the schema and host part of the application URL.
The returned URL does not have an ending slash.
By default this is determined based on the user request information.
You may explicitly specify it by setting the hostInfo property.

Returns the request URI portion for the currently requested URL.
This refers to the portion that is after the host info part.
It includes the query string part if any.
The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

Returns the cookie collection.
The result can be used like an associative array. Adding CHttpCookie objects
to the collection will send the cookies to the client; and removing the objects
from the collection will delete those cookies on the client.

getCsrfToken()
method

public string getCsrfToken()

{return}

string

the random token for CSRF validation.

Returns the random token used to perform CSRF validation.
The token will be read from cookie first. If not found, a new token
will be generated.

schema to use (e.g. http, https). If empty, the schema used for the current request will be used.

{return}

string

schema and hostname part (with port number if needed) of the request URL (e.g. http://www.yiiframework.com)

Returns the schema and host part of the application URL.
The returned URL does not have an ending slash.
By default this is determined based on the user request information.
You may explicitly specify it by setting the hostInfo property.

Returns the named GET or POST parameter value.
If the GET or POST parameter does not exist, the second parameter to this method will be returned.
If both GET and POST contain such a named parameter, the GET parameter takes precedence.

Returns the request URI portion for the currently requested URL.
This refers to the portion that is after the host info part.
It includes the query string part if any.
The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

getScriptFile()
method

public string getScriptFile()

{return}

string

entry script file path (processed with realpath())

getScriptUrl()
method

public string getScriptUrl()

{return}

string

the relative URL of the entry script.

Returns the relative URL of the entry script.
The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

getServerName()
method

public string getServerName()

{return}

string

server name

getServerPort()
method

public integer getServerPort()

{return}

integer

server port number

getUrl()
method

public string getUrl()

{return}

string

part of the request URL after the host info.
It consists of the following parts:

Performs the CSRF validation.
This is the event handler responding to CApplication::onBeginRequest.
The default implementation will compare the CSRF token obtained
from a cookie and from a POST field. If they are different, a CSRF attack is detected.
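
The cookie-versus-POST-field comparison described above, as an added stand-alone PHP sketch; it is not Yii's implementation and not code from this documentation. The function names csrfToken() and validateCsrf(), the token generation with random_bytes(), the constant-time hash_equals() comparison and the restriction to POST requests are assumptions of the example; only the default token name comes from this page.

```php
<?php
// Added illustration of a cookie/POST-field token comparison; not Yii's source.
const TOKEN_NAME = 'YII_CSRF_TOKEN'; // default token name stated on this page

// Read the token from the cookie first; generate a new one if none was sent.
function csrfToken(array $cookies): string
{
    $sent = $cookies[TOKEN_NAME] ?? null;
    if (is_string($sent) && $sent !== '') {
        return $sent;
    }
    return bin2hex(random_bytes(20)); // assumption: CSPRNG-based generation
}

// Returns the HTTP status the request should get: 200 if accepted, 400 if rejected.
function validateCsrf(string $method, array $cookies, array $post): int
{
    if ($method !== 'POST') {
        return 200; // assumption: only POST submissions are checked in this sketch
    }
    $cookie = $cookies[TOKEN_NAME] ?? null;
    $field  = $post[TOKEN_NAME] ?? null;
    // Both values must be non-empty strings. A missing token is a failure, and
    // PHP turns "name[]=x" into an array, so the type is checked before comparing.
    if (!is_string($cookie) || !is_string($field) || $cookie === '') {
        return 400;
    }
    // hash_equals() compares in constant time.
    return hash_equals($cookie, $field) ? 200 : 400;
}

// Constructed sample requests (method, cookies, POST fields).
$token = csrfToken(array());
$cases = array(
    'matching token'    => array('POST', array(TOKEN_NAME => $token), array(TOKEN_NAME => $token)),
    'field missing'     => array('POST', array(TOKEN_NAME => $token), array()),
    'field differs'     => array('POST', array(TOKEN_NAME => $token), array(TOKEN_NAME => str_repeat('0', 40))),
    'cookie missing'    => array('POST', array(), array(TOKEN_NAME => $token)),
    'array-typed field' => array('POST', array(TOKEN_NAME => $token), array(TOKEN_NAME => array($token))),
    'GET request'       => array('GET', array(), array()),
);
foreach ($cases as $label => $c) {
    printf("%-18s => %d\n", $label, validateCsrf($c[0], $c[1], $c[2]));
}
```

Only the first POST case is accepted; the missing, differing and array-typed token cases are all rejected with 400 rather than being treated as "nothing to compare".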